moai-system-universal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- No Executable Code (SAFE): The skill package consists exclusively of Markdown documentation and project templates. No Python scripts, JavaScript files, or shell commands are included for execution.
- Indirect Prompt Injection (LOW): The
templates/universal-project-template.mdfile interpolates user-provided metadata into code examples, which could be exploited to influence agent behavior if processed downstream. - Ingestion points: YAML configuration fields such as
project_nameandindustryintemplates/universal-project-template.md. - Boundary markers: None; user data is directly merged into the Python snippets.
- Capability inventory: References to system orchestration and security implementations within the
moai_universal_ultimatelibrary. - Sanitization: No input validation or escaping mechanisms are visible in the templates.
- Reference to Unknown Framework (SAFE): The skill documentation references a non-standard library
moai_universal_ultimate. While this library is unverifiable, the skill does not attempt to install or execute it during its operation.
Audit Metadata